On 19/03/07 21:53, Sune Vuorela wrote:
> On Monday 19 March 2007, Martin Orr wrote:
>> When I log in to kdm, I get thrown straight back to the kdm greeter without
>> any error messages.
>>
>> I have selinux on this box, in permissive mode. If I boot with selinux
>> disabled or with pam_selinux.so commented out in /etc/pam.d/common-session,
>> then I can log in fine.
>>
>> Log in works fine with kdm and kdebase-bin 4:3.5.6.dfsg.1-1, even with
>> selinux enabled.
Sorry, I meant to say here that it works with 4:3.5.5a.dfsg.1-6 in unstable.
3.5.6.dfsg.1-1 does not work. Having had a look at the source code I have
discovered that this is because 3.5.6 checks the return value of
pam_open_session while older versions just ignore it.
In fact pam_selinux fails with either version, leaving the context of my
processes as system_u:system_r:initrc_t. However, kdm is also running in
this context, which isn't right; so it looks like the bug is in my selinux
policy rather than in kdm.
> Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249784 (and ignore
> the bug submitters bad attitude)
>
> There is a patch that might work, but I am currently a bit too clueless about
> SElinux to accept that patch - and I don't have much faith in the submitter.
Well I'll take a look at it, but I don't know that much about selinux myself
either.
Thanks,
--
Martin Orr